Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Dropper & Rustock.E [Closed]


  • This topic is locked This topic is locked

#1
steveo20102010

steveo20102010

    Member

  • Member
  • PipPip
  • 18 posts
Hi,

I got an alert from MSE this week saying I had the following Virus:

WinNT/Ramnit.gen!A

I seem to have now removed that but am getting the following:

WinNT/Rustock.E

Also getting alerts about the following file, which I have removed and deleted manually several times, but it keeps re-appearing:

C:Windows/System32/KeWqp981

Below is the OTL Log:

OTL logfile created on: 30/10/2012 15:49:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.81% Memory free
3.94 Gb Paging File | 2.83 Gb Available in Paging File | 71.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.89 Gb Total Space | 44.81 Gb Free Space | 30.51% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.20% Space Free | Partition Type: NTFS
Drive G: | 982.05 Mb Total Space | 14.02 Mb Free Space | 1.43% Space Free | Partition Type: FAT32

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/30 15:49:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2012/10/19 20:27:49 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/09/17 04:19:26 | 000,701,288 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Steve\AppData\Local\Temp\7zS2F10\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2010/05/28 17:53:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\tjydqyjj.sys -- (tjydqyjj)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Steve\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ltlicotd.sys -- (ltlicotd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\abyqwkvg.sys -- (abyqwkvg)
DRV - [2012/09/22 15:34:42 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/08/09 08:30:56 | 000,228,376 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys -- (RapportCerberus_42020)
DRV - [2012/06/26 16:56:45 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV - [2012/05/30 09:00:13 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/26 15:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 15:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/21 11:12:28 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2009/07/13 23:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/05 18:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/sport/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...08-363C478F1139
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylo....19&affID=17160
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-04-12 09:48:59&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/03 09:18:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/03 09:18:09 | 000,000,000 | ---D | M]

[2010/06/20 03:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/06/20 03:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/12 08:48:55 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/04/28 09:43:35 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/10/12 12:59:27 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.facemoods.com/?a=bf1
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (QuickNet BHO) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files\RegTweaker\key.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s.work4sure...ge/w4sgeen9.exe (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3490D01-2D2B-4749-9468-9E34BE358641}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16dfd6a5-6912-11df-94e0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{16dfd6a5-6912-11df-94e0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{9201a9df-6cbf-11df-a51f-001e0b2b4861}\Shell - "" = AutoRun
O33 - MountPoints2\{9201a9df-6cbf-11df-a51f-001e0b2b4861}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/30 15:49:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/10/30 15:09:16 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/10/30 15:06:22 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HijackThis.exe
[2012/10/30 14:47:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2012/10/30 13:09:35 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2012/10/30 13:03:48 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/30 13:03:27 | 000,906,692 | ---- | C] (Farbar) -- C:\Users\Steve\Desktop\FRST.exe
[2012/10/30 10:38:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/30 10:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/10/30 10:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/30 10:37:57 | 021,462,096 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2012/10/27 09:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/10/26 14:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/26 14:21:37 | 014,221,232 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware-5.0.1142.exe
[2012/10/26 13:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/26 13:39:56 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/26 13:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/26 13:10:50 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/26 09:19:47 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\brrgwymp
[2012/10/19 20:52:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Macromedia
[2012/10/19 20:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Broadband Desktop Help
[2012/10/19 20:29:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Motive
[2012/10/19 20:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2012/10/19 20:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2012/10/19 20:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/10/05 08:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/10/03 08:34:22 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\FM Genie Scout 10
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/30 15:49:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/10/30 15:12:23 | 000,015,376 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/30 15:12:23 | 000,015,376 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/30 15:09:29 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/10/30 15:09:02 | 000,671,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/30 15:09:02 | 000,129,960 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/30 15:06:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HijackThis.exe
[2012/10/30 15:04:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/30 15:04:38 | 1587,253,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/30 13:10:06 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2012/10/30 13:03:30 | 000,906,692 | ---- | M] (Farbar) -- C:\Users\Steve\Desktop\FRST.exe
[2012/10/30 10:38:40 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/30 10:38:07 | 021,462,096 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2012/10/29 14:31:34 | 000,417,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/27 09:32:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/26 16:51:45 | 000,000,228 | ---- | M] () -- C:\Users\Steve\Desktop\registryfix.reg
[2012/10/26 15:12:03 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/26 14:21:46 | 014,221,232 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware-5.0.1142.exe
[2012/10/26 13:12:14 | 000,000,055 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\mbam.context.scan
[2012/10/26 13:11:04 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/26 12:20:14 | 001,008,141 | ---- | M] () -- C:\Users\Steve\Desktop\rkill.com
[2012/10/25 13:19:04 | 000,001,079 | ---- | M] () -- C:\Users\Steve\Desktop\Documents - Shortcut.lnk
[2012/10/19 20:29:46 | 000,001,396 | ---- | M] () -- C:\Users\Public\Desktop\BT Broadband Desktop Help.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/30 10:38:40 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/27 09:32:31 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/10/26 16:51:43 | 000,000,228 | ---- | C] () -- C:\Users\Steve\Desktop\registryfix.reg
[2012/10/26 13:40:04 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/26 12:50:20 | 000,000,055 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\mbam.context.scan
[2012/10/26 12:20:03 | 001,008,141 | ---- | C] () -- C:\Users\Steve\Desktop\rkill.com
[2012/10/25 13:19:04 | 000,001,079 | ---- | C] () -- C:\Users\Steve\Desktop\Documents - Shortcut.lnk
[2012/10/19 20:29:46 | 000,001,396 | ---- | C] () -- C:\Users\Public\Desktop\BT Broadband Desktop Help.lnk
[2012/06/26 17:10:53 | 000,569,009 | ---- | C] () -- C:\Users\Steve\Tweaking.com-RepairMissingStartMenuIconsRemovedByInfections.exe
[2012/06/26 17:01:02 | 000,555,748 | ---- | C] () -- C:\Users\Steve\Tweaking.com-UnhideNonSystemFiles.exe
[2012/06/26 16:56:45 | 000,027,424 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/06/26 12:09:23 | 000,000,136 | ---- | C] () -- C:\ProgramData\-Jw0FJLGdUTKF9Qr
[2012/06/26 12:09:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\-Jw0FJLGdUTKF9Q
[2012/06/26 12:09:17 | 000,000,256 | ---- | C] () -- C:\ProgramData\Jw0FJLGdUTKF9Q
[2012/01/20 12:55:48 | 000,195,496 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/10/03 09:13:37 | 000,164,645 | ---- | C] () -- C:\Windows\hpoins29.dat
[2011/10/03 09:13:36 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2011/09/26 13:54:54 | 000,000,527 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/09/26 13:51:44 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2011/06/23 15:10:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/16 13:30:33 | 000,003,584 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/09 11:11:52 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/05/31 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AVG9
[2011/10/12 12:33:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Azureus
[2011/03/22 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BSD
[2011/07/02 10:02:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FrostWire
[2011/03/17 11:34:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MP3Rocket
[2011/09/03 12:09:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MusicNet
[2011/09/26 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MyHeritage
[2011/08/08 12:20:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Netscape
[2011/10/01 14:54:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OnLive App
[2011/09/21 14:58:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Scribus
[2011/03/17 10:44:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Shareaza
[2012/08/01 10:36:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sports Interactive
[2011/09/26 13:51:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010/11/20 09:49:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Trusteer
[2012/10/26 13:25:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\uTorrent
[2011/04/09 09:16:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/12/26 23:36:44 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\銠̖
[2010/12/26 23:36:44 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\銠̖
[2010/11/28 16:51:08 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\輘Ľ
[2010/11/28 16:51:08 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\輘Ľ
[2010/11/21 22:36:26 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?O) -- C:\Windows\System32\䗠Ō
[2010/11/21 22:36:26 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?O) -- C:\Windows\System32\䗠Ō
[2010/11/21 11:52:32 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?O) -- C:\Windows\System32\ꎐŌ
[2010/11/21 11:52:32 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?O) -- C:\Windows\System32\ꎐŌ
[2010/10/21 12:34:49 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\늸Ĺ
[2010/10/21 12:34:49 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\늸Ĺ
[2010/10/20 12:34:11 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\Șʼn
[2010/10/20 12:34:11 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\Șʼn
[2010/10/13 11:52:30 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ꏰ˿
[2010/10/13 11:52:30 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ꏰ˿
[2010/10/11 12:27:42 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?K) -- C:\Windows\System32\䀀Ķ
[2010/10/11 12:27:42 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?K) -- C:\Windows\System32\䀀Ķ
[2010/09/12 14:55:29 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?Œ) -- C:\Windows\System32\춘Œ
[2010/09/12 14:55:29 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?Œ) -- C:\Windows\System32\춘Œ
[2010/08/22 22:27:43 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?N) -- C:\Windows\System32\Ń
[2010/08/22 22:27:43 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?N) -- C:\Windows\System32\Ń
[2010/08/21 11:50:01 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\�Ļ
[2010/08/21 11:50:01 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\�Ļ

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Steve\Downloads:Shareaza.GUID
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


The strange thing is that my system is showing no signs of a problem and is running normally!

Any help would be greatly appreciated

Thanks
  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello steveo, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

I am reviewing your log. When OTL runs for the first time it creates a file named Extras.txt It should be on the desktop. Please post the contents of that file.
  • 0

#3
steveo20102010

steveo20102010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi,

Below is the xtras log as requested:

OTL Extras logfile created on: 30/10/2012 15:49:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.81% Memory free
3.94 Gb Paging File | 2.83 Gb Available in Paging File | 71.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.89 Gb Total Space | 44.81 Gb Free Space | 30.51% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.20% Space Free | Partition Type: NTFS
Drive G: | 982.05 Mb Total Space | 14.02 Mb Free Space | 1.43% Space Free | Partition Type: FAT32

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1450A612-EFB1-4681-87DB-8E58D7BEE1BD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{188BF33E-45E3-4B14-B6EA-26D92B2DB0B1}" = lport=138 | protocol=17 | dir=in | app=system |
"{20C20192-0FD7-4256-81D4-E2512B8B2A73}" = rport=139 | protocol=6 | dir=out | app=system |
"{291EE282-DEAC-46C8-BFCB-4D3E080EAFCA}" = lport=137 | protocol=17 | dir=in | app=system |
"{31FE267A-6F44-4DD6-9457-C748C7AF3404}" = rport=445 | protocol=6 | dir=out | app=system |
"{34136406-2E1E-4130-BB6D-79E11A56A239}" = rport=10243 | protocol=6 | dir=out | app=system |
"{610EE287-EFD7-4101-A0D3-E6670C22930F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6801E039-AB21-4DF8-AEA6-1B702120A12C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A12DFAB-9CA4-49B4-AC16-8491E5E3F91A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{83E3C51C-5856-41A5-9AAA-591F09C8AD2C}" = lport=139 | protocol=6 | dir=in | app=system |
"{8F22E8E3-E8B1-436A-AA1B-2262357C8AD7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B01FD30A-81D9-455E-A0FB-BD57B9C565BF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B7008171-C1AA-401B-A229-CBCDA5508D2A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BC79AAE1-73D0-4C83-814E-898892FE9F4D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BCCFE00B-0F91-463D-8217-D3FAD624C8A1}" = lport=445 | protocol=6 | dir=in | app=system |
"{BD3A12C3-0A61-434A-B0E4-89ED9FFCB2A2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C9D4FE1B-17F3-4F72-8ADC-4C86D427A2CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D53A9A2B-70CD-4AEB-9F87-1B8BFA3F440B}" = rport=138 | protocol=17 | dir=out | app=system |
"{DD9476DF-269A-43B8-8B54-CE3B84280052}" = rport=137 | protocol=17 | dir=out | app=system |
"{E1B51C4A-9F5D-4B5C-B573-F14BDC8B9BDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5D3C120-7FA5-43FA-B8FE-EC2A9E7BB5D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED03BE4F-B605-473A-95E5-9D7B81BF22CC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F04C66AF-B058-443F-8EDE-A7587328F9C5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F70C4654-5763-4095-A844-37BCCE36162C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FF81AF-F45D-4A9A-89F6-65AF583B894F}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{06308A1E-991B-4372-A2D4-0C9A4E906FFF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0E731479-04DF-4A7E-B26B-993A533FB9A2}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{10B7A330-CD34-4ABA-BA33-FEFBB3A28C71}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{129094B4-F0C7-4DFD-91D4-7432D2D3D81B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{137AF7FD-364F-4972-8232-F706A6B802F3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{18347780-5AF5-4497-8E63-0B7D84129553}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{19AD8CA8-C6DA-40C0-A74F-A3FED5D021C2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1BEBA5E6-F923-481B-AF7A-B80DCDE04B11}" = protocol=58 | dir=out | [email protected],-28546 |
"{207831B8-00A1-4847-B8F0-51912747A19A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{23719538-098B-4F77-996D-DCC1463F2D10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28707C3D-1ABB-44B5-87AE-74AA3C26590B}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{29D16960-EE1C-49B6-8A24-C28636287D90}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{2BA8311A-AC80-45D2-9E88-4658B1DC6E1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2C3F1F84-7629-43A1-B0EA-8F3D62BE8217}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{2C7400C7-C04A-42B3-8434-E53FF1BEAF07}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{2FC57624-C1CD-4498-A1DE-C26BA8FFFDF2}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{311DD648-52F9-47A0-8D67-992E5935C5D4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2012 editor\editor.exe |
"{38DF6050-7934-4CC7-A4F7-0767CB3D2570}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3D3A37EF-8CA1-43A1-AF83-EB6C57BBE4E7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3FCF1FF6-ED21-4FA2-83A9-F7919409D664}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{42579FCD-B413-49E8-A53A-748512A0D375}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{459BFEAE-7CD8-4BFA-9ECB-85C5E66B5DF9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{45A83197-56EB-413B-BCF4-1529C9E9E46B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{46EEA4BA-AFCE-4E60-A20F-73A5C1309B29}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{4899E797-5C33-4BB0-99FD-5C9A193B0696}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{494D5DCA-C9E4-4EAF-81DC-B9546095D15A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{49D19CF3-B352-47F7-BD84-D12039F602AA}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4A750051-F613-4BD8-A887-4B4982C76A56}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{4B164DDC-CDF1-49E9-9CAF-ED717AE43A2C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{4E9CE297-DED3-4709-9864-6153AB6D40C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{53169E18-0101-418E-99FE-49A3C30B63DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{54F7427E-69FD-42FD-908A-C581303D4C7D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{5ADFFE98-C2D9-4CA5-9FF1-295CEB676C30}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{5CF97500-995E-402E-9261-0135E741853F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2012\fm.exe |
"{63E9206D-8101-4FAB-AFB6-E3ABE020D8BC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{64847F67-BED4-4BFB-A948-8F4761DAF56E}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{6D267F40-2108-42F4-A70F-FBEA69BA5C60}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{7168AB60-60CF-42EE-98D9-3D8359F4CEC9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{716D5CD1-79B3-4C31-8DBC-51A8C135CB47}" = protocol=1 | dir=out | [email protected],-28544 |
"{72B17B7D-85E4-4367-BB4D-426161199258}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{7636DD2E-02C4-4EF1-83D0-324E886F8D6A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7DE9FF0A-7C66-4FBF-A67D-0FCB9ADC98E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{7E5F3078-ADBF-4702-9BAF-87EDDF64CE96}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7F18BF3F-6B32-43EB-BA05-FAEFCA3DF3C2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{7F9B217B-3B11-4558-A182-11E3F4393B56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{839D6256-074D-4328-ABA9-11D489B569B8}" = protocol=1 | dir=in | [email protected],-28543 |
"{83E65B12-75D4-4292-A645-0BC5F3CFC0DE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{85BF24E3-0F1B-4FBC-AA37-C2217564593E}" = protocol=58 | dir=in | [email protected],-28545 |
"{8A958545-3078-43E1-A8A9-58D64174F602}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{8D5B9DB6-49C3-42EC-912A-F94B5FE0D0FB}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{8DD9477D-71D5-479D-A6D0-B68382B3D773}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{8F53C414-93D2-488F-8EE9-F80383126402}" = protocol=6 | dir=in | app=c:\users\steve\appdata\local\microsoft\windows\temporary internet files\content.ie5\5e4lhrq8\videoconvertersetup[1].exe |
"{90667BE4-1619-4579-A97F-DE84664FC665}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{91A7FA0B-C708-42EE-B817-B713A5446BEC}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{93B98F0B-93C2-4D1E-A199-6748FC6FDDB0}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"{971EE9FA-5BF6-448B-A8F4-88BFF50D7A9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{977E53A9-A3AC-4038-8522-C0FB6F2DBB08}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97F85F26-762A-4317-9A32-6ABF370EFB90}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{A24F7DAD-DBAB-47BC-839B-1D0E94FF7A16}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A5454842-2A8C-44F8-A8E2-C0E0FB7185E5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A79F8383-EC8C-4866-A72D-888C70301EA0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8AB3B34-6EBE-44E7-A1FB-DD4A1CC34CE9}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{AC4F5CE3-7F06-456E-AD73-5E21930C52C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AD304EE0-3870-4A1D-8EB4-01B70ED4CEA1}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{B014569D-0642-4CA4-8F7A-4CA841866C4D}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{B27BAAE5-A682-4B0A-8A24-6C68A6A335EC}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{B5687FAA-119B-4F60-B536-6D25250C57F0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BD08717C-29A7-4570-BB2F-31C751820186}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{C0A1FB72-997D-4050-BA48-D4E6F2B6E76A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2012\fm.exe |
"{C383C184-555A-467C-BE36-37BABA4ABD09}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{C96415A3-ECDA-43AF-9EC0-A9CD18AAE527}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{CB4B2CA1-3F5B-4BF9-99C0-D5B02D565EF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB85EB03-C966-4B7D-ACA9-1979D88FB53C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{CD9BE4A5-0461-4022-BE1E-D6631B3C8F81}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{CEA5892C-F9AF-4153-A5BD-D11F7EBA0709}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{D2696E57-EF5C-45CF-978F-B19E3359210D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{D332F7B8-5F99-4560-A44B-12A29EAC79D6}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{D392D550-C8AE-4C8E-BC3A-70B8A49C5061}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{D487F388-DA10-45D5-A67A-00719651970B}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{D506F8A4-D155-4049-BE01-8C8F01CF7A8C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7763EC1-2631-4289-A718-90E1149CDC5D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D9B0F369-9DB3-4E82-AAE0-531C6837484E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DFB42F4A-9BEC-46F8-BE04-A708F38ECA0B}" = protocol=17 | dir=in | app=c:\users\steve\appdata\local\microsoft\windows\temporary internet files\content.ie5\5e4lhrq8\videoconvertersetup[1].exe |
"{E0F18128-3323-497B-A3A5-226EC6095DE2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{E2861D2B-039C-4985-BF6B-E0A6E4969524}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{E2A4027F-8DC8-432B-B62D-BB47F8D4F03D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{E3D5DE74-1A38-42C6-9127-21D71A7D8379}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{E807D5D1-7AA9-4FC1-A929-17C286D5E199}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{E9EBE16D-66DA-4A0E-A3AE-5BC250B2B58C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{ECC574FA-ACCC-49A4-A35B-D6DA627859A7}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{EDC4D861-BE48-4592-8B4D-46B7690CE9DF}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{EF4C8B3D-0AE5-418E-A734-1E18084CEC05}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{F0866055-73D2-40B8-8E39-059734DD1437}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2012 editor\editor.exe |
"{F29E6F5F-8A52-4D15-80D7-64E9BCF3667F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2A90767-BDFF-4291-9434-084E2A6D9CC2}" = protocol=6 | dir=out | app=system |
"{F5D80739-4E55-4A86-A3E1-DC4CB2C5260B}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{FCD7A2FB-099D-492C-9053-20252C660C9B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E5A8023-0E90-4503-A1EA-C9FC25680AF9}" = PS_AIO_03_C4400_Software_Min
"{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}" = HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1E33614-25CC-4C2A-8CBA-88B51ABF67E0}" = C4400
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Family Tree" = Family Tree
"Family Tree Builder" = MyHeritage Family Tree Builder
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.0
"Football Manager 2009" = Football Manager 2009
"Football Manager 2010" = Football Manager 2010
"GoToAssist" = GoToAssist Corporate
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Rapport_msi" = Rapport
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"Shop for HP Supplies" = Shop for HP Supplies
"VISPRO" = Microsoft Office Visio Professional 2007
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30/10/2012 08:04:36 | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McciCMService.exe, version: 6.6.0.12, time
stamp: 0x4a7c9283 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0018002c Faulting process id: 0x78c Faulting application
start time: 0x01cdb696b10df93f Faulting application path: C:\Program Files\Common
Files\Motive\McciCMService.exe Faulting module path: unknown Report Id: f8ced7c8-2289-11e2-aac0-001e0b2b4861

Error - 30/10/2012 08:04:46 | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FTBCheckUpdates.exe, version: 3.0.1.829,
time stamp: 0x4e71de75 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x002f002c Faulting process id:
0x48c Faulting application start time: 0x01cdb696b75e3f99 Faulting application path:
C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe Faulting module path: unknown
Report
Id: fe892771-2289-11e2-aac0-001e0b2b4861

Error - 30/10/2012 08:04:46 | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: HpqSRmon.exe, version: 12.0.0.223, time
stamp: 0x488054ff Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x001e002c Faulting process id: 0x468 Faulting application
start time: 0x01cdb696b79760a0 Faulting application path: C:\Program Files\HP\Digital
Imaging\bin\HpqSRmon.exe Faulting module path: unknown Report Id: feaf3d75-2289-11e2-aac0-001e0b2b4861

Error - 30/10/2012 08:04:48 | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: QTTask.exe, version: 7.7.2.0, time stamp:
0x4f8f8924 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x001e002c Faulting process id: 0x5b8 Faulting application
start time: 0x01cdb696b8db1bc5 Faulting application path: C:\Program Files\QuickTime\QTTask.exe
Faulting
module path: unknown Report Id: ffcf43f7-2289-11e2-aac0-001e0b2b4861

Error - 30/10/2012 08:04:50 | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hpqtra08.exe, version: 130.0.422.0, time
stamp: 0x4ab683ef Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x001e002c Faulting process id: 0x6d8 Faulting application
start time: 0x01cdb696ba6d6453 Faulting application path: C:\Program Files\HP\Digital
Imaging\bin\hpqtra08.exe Faulting module path: unknown Report Id: 01664f45-228a-11e2-aac0-001e0b2b4861

Error - 30/10/2012 08:19:35 | Computer Name = Steve-PC | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.

Error - 30/10/2012 08:19:35 | Computer Name = Steve-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 30/10/2012 08:19:37 | Computer Name = Steve-PC | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.

Error - 30/10/2012 08:19:37 | Computer Name = Steve-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 30/10/2012 11:07:06 | Computer Name = Steve-PC | Source = Application Hang | ID = 1002
Description = The program HijackThis.exe version 2.0.0.4 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: cd0 Start
Time: 01cdb6b0219d71b4 Termination Time: 16 Application Path: C:\Users\Steve\Desktop\HijackThis.exe

Report
Id: 71ec423a-22a3-11e2-bd44-001e0b2b4861

[ System Events ]
Error - 30/10/2012 10:44:38 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 30/10/2012 10:44:38 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 30/10/2012 10:48:14 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 30/10/2012 10:48:14 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 30/10/2012 10:48:14 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 30/10/2012 10:48:14 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 30/10/2012 10:48:14 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 30/10/2012 10:48:14 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 30/10/2012 10:57:24 | Computer Name = Steve-PC | Source = DCOM | ID = 10010
Description =

Error - 30/10/2012 11:14:54 | Computer Name = Steve-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.139.712.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070422 Error
description: The service cannot be started, either because it is disabled or because
it has no enabled devices associated with it.


< End of report >


Thanks
  • 0

#4
steveo20102010

steveo20102010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi,



I have just got a Security Alert window open saying:



You are about to leave a secure Internet Connection. It will be possible for others to view information you send.



What should I do about this? I will now un-plug my internet connection on the infected PC.



Thanks
  • 0

#5
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi steveo, :)

Hi,
I have just got a Security Alert window open saying:
You are about to leave a secure Internet Connection. It will be possible for others to view information you send.
What should I do about this? I will now un-plug my internet connection on the infected PC.

Thanks

This is a common message in IE. It can usually be disregarded and it can be disabled.
The first time you use IE, or if you just installed an update or reset the browser to it's defaults, you may see this message while browsing websites that use both Secure and Non-Secure pages. If you receive the above IE message, don't be alarmed, it is not a virus or malicious code. The message simply means your browser is switching between non-secure and secure pages, which is a common occurrence within web sites. This message can usually be disregarded or simply disabled.

To manually change that setting in IE, go to Tools > Internet Options > Advanced and uncheck the box next to "Warn if changing between secure and non secure mode". Or, the first time the message appears check the box "In the Future, do not show this warning".

Thanks for the Extras.txt log.

You have a few nasty toolbars on the system.

I see you have downloaded the following tools:
dds.scr
tdsskiller.exe
FRST.exe
rkill.com
Tweaking.com-RepairMissingStartMenuIconsRemovedByInfections.exe
Tweaking.com-UnhideNonSystemFiles.exe

1. Please let me know what you have run and post any logs from those tools.
2. Did you / have you run ComboFix?
3. Do you still have HitmanPro on the Computer? I see evidence of HitmanPro on the system but I don't see it in the list of installed programs.. If you still have the program please Do Not use it while we are cleaning up the system and if you still have it I would recommend uninstalling it. If you don't have it anymore we can remove the remnants.

4. Did you turn the Uesr Account Control off on purpose?
5. Do you know what the registryfix.reg file on the desktop is?


Step-1.

Malicious program uninstalls

1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

Windows iLivid Toolbar

3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\*.js
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
C:\Program Files\Common Files\ComObjects\*.* /s
c:|Bandoo;true;true;true; /FP
c:|Searchnu;true;true;true; /FP
c:|Searchqu;true;true;true; /FP
c:|iLivid;true;true;true; /FP
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. (Vista / 7 Users:Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Step-3.

Things For Your Next Post:
1. Answer my questions above
2. Post any logs from tools you have previously run
3. The new OTL.txt log
  • 0

#6
steveo20102010

steveo20102010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi,

To answer your questions first:

1 - Don't think I have run any of these programs as yet, I was trying to fix the problem myself but thought it best not to.
2 - Yes I have run Combo Fix as advised my somebody else, however I can't locate the log, shall I do another scan and send you the log?
3 - I don't know about Hitman Pro, but I know I haven't run it while I have had this problem, I can't locate it in the uninstall option.
4 - I don't know anything about the user account control.
5 - I have no idea what the Registryfix.reg is.

I have also tried to uninstall the iLivid toolbar - but again I can't find it to uninstall.
  • 0

#7
steveo20102010

steveo20102010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I have just pasted the text into OTL and ran the scan, after a while I got an error message saying:

Cannot create file - C:\Users\Steve\Desktop\cmd.bat


Then it from and at the bottom of the box was:

Pattern Search - c:\Users\Steve\AppData\Local\Ilivid Player...

It froze on that and nothing happened, I left it for about 10 minutes, should I have left it longer?

Many thanks
  • 0

#8
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Thanks for the answers. No, I don't want ComboFix run again.
As for Hitman and the iLivd toolbar we will remove the entries in the log.
Don't worry about the scan. We'll do it another way.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[CREATERESTOREPOINT]

:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\tjydqyjj.sys -- (tjydqyjj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ltlicotd.sys -- (ltlicotd)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\abyqwkvg.sys -- (abyqwkvg)
DRV - [2012/06/26 16:56:45 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro36)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylo....19&affID=17160
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
[2011/04/28 09:43:35 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (QuickNet BHO) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files\RegTweaker\key.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s.work4sure...ge/w4sgeen9.exe (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O33 - MountPoints2\{16dfd6a5-6912-11df-94e0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{16dfd6a5-6912-11df-94e0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{9201a9df-6cbf-11df-a51f-001e0b2b4861}\Shell - "" = AutoRun
O33 - MountPoints2\{9201a9df-6cbf-11df-a51f-001e0b2b4861}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1
[2012/10/26 09:19:47 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\brrgwymp
[2012/06/26 12:09:23 | 000,000,136 | ---- | C] () -- C:\ProgramData\-Jw0FJLGdUTKF9Qr
[2012/06/26 12:09:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\-Jw0FJLGdUTKF9Q
[2012/06/26 12:09:17 | 000,000,256 | ---- | C] () -- C:\ProgramData\Jw0FJLGdUTKF9Q
[2010/12/26 23:36:44 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\??
[2010/12/26 23:36:44 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\??
[2010/11/28 16:51:08 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\?L
[2010/11/28 16:51:08 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\?L
[2010/11/21 22:36:26 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?O) -- C:\Windows\System32\?O
[2010/11/21 22:36:26 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?O) -- C:\Windows\System32\?O
[2010/11/21 11:52:32 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?O) -- C:\Windows\System32\?O
[2010/11/21 11:52:32 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?O) -- C:\Windows\System32\?O
[2010/10/21 12:34:49 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\?L
[2010/10/21 12:34:49 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\?L
[2010/10/20 12:34:11 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\??
[2010/10/20 12:34:11 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\??
[2010/10/13 11:52:30 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\??
[2010/10/13 11:52:30 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\??
[2010/10/11 12:27:42 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?K) -- C:\Windows\System32\?K
[2010/10/11 12:27:42 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?K) -- C:\Windows\System32\?K
[2010/09/12 14:55:29 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?Œ) -- C:\Windows\System32\?Œ
[2010/09/12 14:55:29 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?Œ) -- C:\Windows\System32\?Œ
[2010/08/22 22:27:43 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?N) -- C:\Windows\System32\?N
[2010/08/22 22:27:43 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?N) -- C:\Windows\System32\?N
[2010/08/21 11:50:01 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\?L
[2010/08/21 11:50:01 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\?L
@Alternate Data Stream - 16 bytes -> C:\Users\Steve\Downloads:Shareaza.GUID

:FILES
ipconfig /flushdns /c

:COMMANDS
[EMPTYTEMP]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Run RogueKiller

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-3.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • XP users, double click the adwcleaner.exe file to run AdwCleaner. (Vista and 7 users)right click The adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    Posted Image
  • Click the Search button and wait for the scan to finish.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced please attach that. This report is also saved to C:\AdwCleaner[R1].txt

Step-4.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click "No"
    Posted Image
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename executable to iexplore.exe and try it again.


Step-5

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\*.js
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. (Vista / 7 Users:Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console
  • Do Not click the box beside Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Step-6.

Things For Your Next Post:
1. The OTL fixes log
2. The RKreport.txt log
3. The AdwCleaner[R1].txt log
4. The aswMbr log
5. The new OTL.txt log
  • 0

#9
steveo20102010

steveo20102010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi,

Below is the OTL Files log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named tjydqyjj was found to stop!
Service\Driver key tjydqyjj not found.
File C:\Windows\system32\drivers\tjydqyjj.sys not found.
Error: No service named ltlicotd was found to stop!
Service\Driver key ltlicotd not found.
File C:\Windows\system32\drivers\ltlicotd.sys not found.
Error: No service named abyqwkvg was found to stop!
Service\Driver key abyqwkvg not found.
File C:\Windows\system32\drivers\abyqwkvg.sys not found.
Service hitmanpro36 stopped successfully!
Service hitmanpro36 deleted successfully!
C:\Windows\System32\drivers\hitmanpro36.sys moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{28387537-e3f9-4ed7-860c-11e69af4a8a0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 not found.
Starting removal of ActiveX control {15589FA1-C456-11CE-BF01-00AA0055595A}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15589FA1-C456-11CE-BF01-00AA0055595A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15589FA1-C456-11CE-BF01-00AA0055595A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{15589FA1-C456-11CE-BF01-00AA0055595A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15589FA1-C456-11CE-BF01-00AA0055595A}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16dfd6a5-6912-11df-94e0-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16dfd6a5-6912-11df-94e0-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16dfd6a5-6912-11df-94e0-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16dfd6a5-6912-11df-94e0-806e6f6e6963}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9201a9df-6cbf-11df-a51f-001e0b2b4861}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9201a9df-6cbf-11df-a51f-001e0b2b4861}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9201a9df-6cbf-11df-a51f-001e0b2b4861}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9201a9df-6cbf-11df-a51f-001e0b2b4861}\ not found.
File G:\setup.exe AUTORUN=1 not found.
Folder C:\Users\Steve\AppData\Local\brrgwymp\ not found.
C:\ProgramData\-Jw0FJLGdUTKF9Qr moved successfully.
C:\ProgramData\-Jw0FJLGdUTKF9Q moved successfully.
C:\ProgramData\Jw0FJLGdUTKF9Q moved successfully.
File C:\Windows\System32\?? not found.
File C:\Windows\System32\?? not found.
File C:\Windows\System32\?L not found.
File C:\Windows\System32\?L not found.
File C:\Windows\System32\?O not found.
File C:\Windows\System32\?O not found.
File C:\Windows\System32\?O not found.
File C:\Windows\System32\?O not found.
File C:\Windows\System32\?L not found.
File C:\Windows\System32\?L not found.
File C:\Windows\System32\?? not found.
File C:\Windows\System32\?? not found.
File C:\Windows\System32\?? not found.
File C:\Windows\System32\?? not found.
File C:\Windows\System32\?K not found.
File C:\Windows\System32\?K not found.
File C:\Windows\System32\?Πnot found.
File C:\Windows\System32\?Πnot found.
File C:\Windows\System32\?N not found.
File C:\Windows\System32\?N not found.
File C:\Windows\System32\?L not found.
File C:\Windows\System32\?L not found.
Unable to delete ADS C:\Users\Steve\Downloads:Shareaza.GUID .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Steve\Desktop\cmd.bat deleted successfully.
C:\Users\Steve\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Steve
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 533285565 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 12541499 bytes
->Apple Safari cache emptied: 158763008 bytes
->Flash cache emptied: 771 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1459817 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13148 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 673.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10312012_190126

Files\Folders moved on Reboot...
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D5MTMUOL\323759-trojandropper-rustocke[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#10
steveo20102010

steveo20102010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I have 2 x RKreport Logs:

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Steve [Admin rights]
Mode : Scan -- Date : 10/31/2012 19:07:30

€€€ Bad processes : 0 €€€

€€€ Registry Entries : 6 €€€
[TASK][SUSP PATH] {3E684397-5AF8-42EA-AE6C-E97448ED74CA} : C:\Windows\System32\pcalua.exe -a "C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PT2R2D94\dotnetfx[1].exe" -d C:\Users\Steve\Desktop -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg) -> FOUND

€€€ Particular Files / Folders: €€€

€€€ Driver : [LOADED] €€€

€€€ HOSTS File: €€€
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


€€€ MBR Check: €€€

+++++ PhysicalDrive0: ST3160815AS ATA Device +++++
--- User ---
[MBR] e479bb0cfbebd96921497c63c8543733
[BSP] 88664c2f202ca5fb4aba16f99868af4a : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 150415 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 308256768 | Size: 1999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: HP Photosmart C4400 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: USB DISK MODULE USB Device +++++
--- User ---
[MBR] e9a61568ffac316a1d8c9215fd32be2f
[BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 983 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt



2nd :

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Steve [Admin rights]
Mode : Remove -- Date : 10/31/2012 19:10:49

€€€ Bad processes : 0 €€€

€€€ Registry Entries : 6 €€€
[TASK][SUSP PATH] {3E684397-5AF8-42EA-AE6C-E97448ED74CA} : C:\Windows\System32\pcalua.exe -a "C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PT2R2D94\dotnetfx[1].exe" -d C:\Users\Steve\Desktop -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg) -> REPLACED (C:\Users\Steve\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp)

€€€ Particular Files / Folders: €€€

€€€ Driver : [LOADED] €€€

€€€ HOSTS File: €€€
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


€€€ MBR Check: €€€

+++++ PhysicalDrive0: ST3160815AS ATA Device +++++
--- User ---
[MBR] e479bb0cfbebd96921497c63c8543733
[BSP] 88664c2f202ca5fb4aba16f99868af4a : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 150415 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 308256768 | Size: 1999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: HP Photosmart C4400 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: USB DISK MODULE USB Device +++++
--- User ---
[MBR] e9a61568ffac316a1d8c9215fd32be2f
[BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 983 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
  • 0

Advertisements


#11
steveo20102010

steveo20102010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
ADw Log - It didn't give me the option to re-boot:

# AdwCleaner v2.006 - Logfile created 10/31/2012 at 19:16:09
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Steve - STEVE-PC
# Boot Mode : Normal
# Running from : C:\Users\Steve\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Windows iLivid Toolbar
Folder Found : C:\ProgramData\~0
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\Steve\AppData\Local\Conduit
Folder Found : C:\Users\Steve\AppData\Local\Ilivid Player
Folder Found : C:\Users\Steve\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Steve\AppData\LocalLow\Conduit
Folder Found : C:\Users\Steve\AppData\LocalLow\imeshbandmltbpi
Folder Found : C:\Users\Steve\AppData\LocalLow\searchquband

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5600 octets] - [31/10/2012 19:16:09]

########## EOF - C:\AdwCleaner[R1].txt - [5660 octets] ##########
  • 0

#12
steveo20102010

steveo20102010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
The aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-31 19:18:31
-----------------------------
19:18:31.002 OS Version: Windows 6.1.7601 Service Pack 1
19:18:31.002 Number of processors: 2 586 0xF0B
19:18:31.002 ComputerName: STEVE-PC UserName: Steve
19:18:31.408 Initialize success
19:18:33.514 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
19:18:33.514 Disk 0 Vendor: ST3160815AS 3.CHF Size: 152627MB BusType: 3
19:18:33.576 Disk 0 MBR read successfully
19:18:33.576 Disk 0 MBR scan
19:18:33.576 Disk 0 Windows 7 default MBR code
19:18:33.592 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:18:33.607 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150415 MB offset 206848
19:18:33.638 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1999 MB offset 308256768
19:18:33.670 Disk 0 scanning sectors +312350720
19:18:33.794 Disk 0 scanning C:\Windows\system32\drivers
19:18:42.593 Service scanning
19:19:02.966 Modules scanning
19:19:24.042 Disk 0 trace - called modules:
19:19:24.058 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys
19:19:24.073 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e3b7d0]
19:19:24.073 3 CLASSPNP.SYS[891c659e] -> nt!IofCallDriver -> [0x85d6e918]
19:19:24.089 5 ACPI.sys[88ec23d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85d59908]
19:19:24.089 Scan finished successfully
19:19:35.383 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
19:19:35.383 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"
  • 0

#13
steveo20102010

steveo20102010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi,

The final OTL text log:

OTL logfile created on: 31/10/2012 19:21:42 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 67.64% Memory free
3.94 Gb Paging File | 3.14 Gb Available in Paging File | 79.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.89 Gb Total Space | 47.16 Gb Free Space | 32.11% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.20% Space Free | Partition Type: NTFS
Drive G: | 982.05 Mb Total Space | 14.02 Mb Free Space | 1.43% Space Free | Partition Type: FAT32

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/30 15:49:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2012/10/19 20:27:49 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 18:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/05/28 17:53:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Steve\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Steve\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/09/22 15:34:42 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/08/09 08:30:56 | 000,228,376 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys -- (RapportCerberus_42020)
DRV - [2012/05/30 09:00:13 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/26 15:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 15:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/21 11:12:28 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2009/07/13 23:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/05 18:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 40 FE A5 8B B7 CD 01 [binary data]
IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/03 09:18:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/03 09:18:09 | 000,000,000 | ---D | M]

[2010/06/20 03:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/06/20 03:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/12 08:48:55 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/12 12:59:27 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://start.facemoods.com/?a=bf1
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2012/10/31 10:09:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3861640900-3594680369-2024644055-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3490D01-2D2B-4749-9468-9E34BE358641}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/10/31 19:17:35 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe
[2012/10/31 19:06:57 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\RK_Quarantine
[2012/10/31 19:01:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/31 18:59:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/31 17:30:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/10/31 17:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2012/10/31 11:58:31 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Adobe
[2012/10/31 10:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/31 10:06:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/30 16:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
[2012/10/30 16:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICON 225 USB Connect
[2012/10/30 16:36:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/30 16:36:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/30 16:36:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/30 16:35:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/30 16:35:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/30 16:34:52 | 004,991,862 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
[2012/10/30 15:49:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/10/30 15:09:16 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/10/30 15:06:22 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HijackThis.exe
[2012/10/30 14:47:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2012/10/30 13:19:36 | 074,254,416 | ---- | C] (Microsoft Corporation) -- C:\Users\Steve\Desktop\msert.exe
[2012/10/30 13:09:35 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2012/10/30 13:03:48 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/30 13:03:27 | 000,906,692 | ---- | C] (Farbar) -- C:\Users\Steve\Desktop\FRST.exe
[2012/10/30 10:38:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/30 10:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/10/30 10:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/30 10:37:57 | 021,462,096 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2012/10/30 10:35:25 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Steve\Desktop\ATF-Cleaner.exe
[2012/10/27 09:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/10/27 09:31:53 | 011,088,872 | ---- | C] (Microsoft Corporation) -- C:\Users\Steve\Desktop\mseinstall.exe
[2012/10/26 14:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/26 14:21:37 | 014,221,232 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware-5.0.1142.exe
[2012/10/26 13:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/26 13:39:56 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/26 13:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/26 13:10:50 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/19 20:52:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Macromedia
[2012/10/19 20:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Broadband Desktop Help
[2012/10/19 20:29:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Motive
[2012/10/19 20:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2012/10/19 20:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2012/10/19 20:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/10/11 08:40:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/11 08:39:46 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/10/11 08:39:46 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/10/11 08:39:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/10/11 08:39:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/11 08:39:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/11 08:39:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/10/11 08:39:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/10/11 08:39:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/11 08:39:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/11 08:39:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/11 08:39:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/10/11 08:39:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/11 08:39:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/11 08:39:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/10/11 08:39:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/10/11 08:39:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/11 08:39:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/10/11 08:39:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/10/11 08:39:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/10/11 08:39:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/11 08:39:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/11 08:39:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/11 08:39:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/10/11 08:39:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/11 08:39:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/10/11 08:39:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/11 08:39:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/10/11 08:39:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/11 08:39:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/10/11 08:39:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/10/11 08:38:55 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/11 08:38:55 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/05 08:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/10/03 08:34:22 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\FM Genie Scout 10

========== Files - Modified Within 30 Days ==========

[2012/10/31 19:19:35 | 000,000,512 | ---- | M] () -- C:\Users\Steve\Desktop\MBR.dat
[2012/10/31 19:18:57 | 000,015,376 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/31 19:18:57 | 000,015,376 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/31 19:17:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR.exe
[2012/10/31 19:16:13 | 000,671,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/31 19:16:13 | 000,129,960 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/31 19:15:59 | 000,540,977 | ---- | M] () -- C:\Users\Steve\Desktop\adwcleaner.exe
[2012/10/31 19:11:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/31 19:11:37 | 1587,253,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/31 19:06:57 | 001,584,640 | ---- | M] () -- C:\Users\Steve\Desktop\RogueKiller.exe
[2012/10/31 16:02:23 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/31 16:01:55 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/31 10:09:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/30 16:34:56 | 004,991,862 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
[2012/10/30 15:49:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/10/30 15:09:29 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\dds.scr
[2012/10/30 15:06:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HijackThis.exe
[2012/10/30 13:19:38 | 074,254,416 | ---- | M] (Microsoft Corporation) -- C:\Users\Steve\Desktop\msert.exe
[2012/10/30 13:10:06 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2012/10/30 13:03:30 | 000,906,692 | ---- | M] (Farbar) -- C:\Users\Steve\Desktop\FRST.exe
[2012/10/30 10:38:40 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/30 10:38:07 | 021,462,096 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2012/10/30 10:35:25 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Steve\Desktop\ATF-Cleaner.exe
[2012/10/29 14:31:34 | 000,417,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/27 09:32:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/27 09:32:00 | 011,088,872 | ---- | M] (Microsoft Corporation) -- C:\Users\Steve\Desktop\mseinstall.exe
[2012/10/26 16:51:45 | 000,000,228 | ---- | M] () -- C:\Users\Steve\Desktop\registryfix.reg
[2012/10/26 14:21:46 | 014,221,232 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware-5.0.1142.exe
[2012/10/26 13:12:14 | 000,000,055 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\mbam.context.scan
[2012/10/26 12:20:14 | 001,008,141 | ---- | M] () -- C:\Users\Steve\Desktop\rkill.com
[2012/10/25 13:19:04 | 000,001,079 | ---- | M] () -- C:\Users\Steve\Desktop\Documents - Shortcut.lnk
[2012/10/19 20:52:25 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/19 20:52:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/19 20:29:46 | 000,001,396 | ---- | M] () -- C:\Users\Public\Desktop\BT Broadband Desktop Help.lnk

========== Files Created - No Company Name ==========

[2012/10/31 19:19:35 | 000,000,512 | ---- | C] () -- C:\Users\Steve\Desktop\MBR.dat
[2012/10/31 19:15:55 | 000,540,977 | ---- | C] () -- C:\Users\Steve\Desktop\adwcleaner.exe
[2012/10/31 19:06:52 | 001,584,640 | ---- | C] () -- C:\Users\Steve\Desktop\RogueKiller.exe
[2012/10/30 16:41:04 | 000,001,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ICON 225 USB Connect.lnk
[2012/10/30 16:41:04 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/30 16:41:03 | 000,002,555 | ---- | C] () -- C:\Users\Public\Desktop\FMRTE.lnk
[2012/10/30 16:41:03 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\ICON 225 USB Connect.lnk
[2012/10/30 16:41:03 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/30 16:36:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/30 16:36:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/30 16:36:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/30 16:36:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/30 16:36:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/30 10:38:40 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/10/27 09:32:31 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/10/26 16:51:43 | 000,000,228 | ---- | C] () -- C:\Users\Steve\Desktop\registryfix.reg
[2012/10/26 13:40:04 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/26 12:50:20 | 000,000,055 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\mbam.context.scan
[2012/10/26 12:20:03 | 001,008,141 | ---- | C] () -- C:\Users\Steve\Desktop\rkill.com
[2012/10/25 13:19:04 | 000,001,079 | ---- | C] () -- C:\Users\Steve\Desktop\Documents - Shortcut.lnk
[2012/10/19 20:29:46 | 000,001,396 | ---- | C] () -- C:\Users\Public\Desktop\BT Broadband Desktop Help.lnk
[2012/01/20 12:55:48 | 000,195,496 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/10/03 09:13:37 | 000,164,645 | ---- | C] () -- C:\Windows\hpoins29.dat
[2011/10/03 09:13:36 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2011/09/26 13:54:54 | 000,000,527 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/09/26 13:51:44 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2011/06/23 15:10:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/16 13:30:33 | 000,003,584 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/09 11:11:52 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/02/26 08:20:44 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2011/02/26 08:20:44 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2010/05/31 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AVG9
[2011/10/12 12:33:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Azureus
[2011/03/22 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BSD
[2011/07/02 10:02:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FrostWire
[2011/03/17 11:34:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MP3Rocket
[2011/09/03 12:09:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MusicNet
[2011/09/26 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MyHeritage
[2011/08/08 12:20:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Netscape
[2011/10/01 14:54:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OnLive App
[2011/09/21 14:58:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Scribus
[2011/03/17 10:44:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Shareaza
[2012/08/01 10:36:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sports Interactive
[2011/09/26 13:51:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010/11/20 09:49:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Trusteer
[2012/10/26 13:25:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\uTorrent
[2011/04/09 09:16:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.js >
[2011/10/12 13:00:20 | 000,001,210 | ---- | M] () -- C:\prefs.js

< MD5 for: EXPLORER.EXE >
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 05:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 05:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 06:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: QMGR.DLL >
[2009/07/14 01:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
[2010/11/20 12:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\erdnt\cache\qmgr.dll
[2010/11/20 12:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010/11/20 12:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 21:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 21:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.EXE >
[2009/07/14 01:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/14 01:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 01:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 02:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/14 02:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 04:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Qoobox\Quarantine\C\Users\Steve\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk
[2009/07/14 04:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 21:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 21:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 20:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 20:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 06:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 05:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 12:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 12:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 12:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2009/07/14 01:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/14 01:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3160815AS ATA Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: HP Photosmart C4400 USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: USB DISK MODULE USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 147.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 2.00GB
Starting Offset: 157827465216
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 984.00MB
Starting Offset: 16384
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: STEVE-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 System Rese NTFS Partition 100 MB Healthy System
Volume 2 C NTFS Partition 146 GB Healthy Boot
Volume 3 D OS_TOOLS NTFS Partition 1999 MB Healthy
Volume 4 F Removable 0 B No Media
Volume 5 G W890I FAT32 Removable 983 MB Healthy

< >
[2009/07/14 04:53:46 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 04:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

< >

< >

========== Files - Unicode (All) ==========
[2010/12/26 23:36:44 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\銠̖
[2010/12/26 23:36:44 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\銠̖
[2010/11/28 16:51:08 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\輘Ľ
[2010/11/28 16:51:08 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\輘Ľ
[2010/11/21 22:36:26 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?O) -- C:\Windows\System32\䗠Ō
[2010/11/21 22:36:26 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?O) -- C:\Windows\System32\䗠Ō
[2010/11/21 11:52:32 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?O) -- C:\Windows\System32\ꎐŌ
[2010/11/21 11:52:32 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?O) -- C:\Windows\System32\ꎐŌ
[2010/10/21 12:34:49 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\늸Ĺ
[2010/10/21 12:34:49 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\늸Ĺ
[2010/10/20 12:34:11 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\Șʼn
[2010/10/20 12:34:11 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\Șʼn
[2010/10/13 11:52:30 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ꏰ˿
[2010/10/13 11:52:30 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ꏰ˿
[2010/10/11 12:27:42 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?K) -- C:\Windows\System32\䀀Ķ
[2010/10/11 12:27:42 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?K) -- C:\Windows\System32\䀀Ķ
[2010/09/12 14:55:29 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?Œ) -- C:\Windows\System32\춘Œ
[2010/09/12 14:55:29 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?Œ) -- C:\Windows\System32\춘Œ
[2010/08/22 22:27:43 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?N) -- C:\Windows\System32\Ń
[2010/08/22 22:27:43 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?N) -- C:\Windows\System32\Ń
[2010/08/21 11:50:01 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\�Ļ
[2010/08/21 11:50:01 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\�Ļ

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Steve\Downloads:Shareaza.GUID
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


Thanks again for all of your help with this!!
  • 0

#14
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi steveo,

Thanks again for all of your help with this!!

You are welcome. :)

Please do not run things I do not ask for. The RougeKiller remove report:

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Steve [Admin rights]
Mode : Remove -- Date : 10/31/2012 19:10:49


is only generated when the Delete button is clicked. You didn't really hurt anything, but this tool sometimes finds things that are legitimate and need to be unchecked before the Delete button is clicked and they are removed.

Let me know what issues remain after this run


Step-1.

Set your home page

Open the Chrome browser

  • Click the tools menu icon Posted Image on the browser toolbar.
  • Select Settings and find the Set your home page section.
  • Find the (http://start.facemoods.com/?a=bf1) entry and change it to another page, like google
  • Close the browser

Step-2.

Re-run AdwCleaner Fix

Close all open windows and browsers.

Re-open AdwCleaner
  • Double click the adwcleaner.exe file to run AdwCleaner. (Vista and 7 users)right click The adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Delete button and wait for the scan.
    Posted Image
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please attach that. This report is also saved to C:\AdwCleaner[S1].txt

Step-3.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[CREATERESTOREPOINT]

:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
[2011/10/12 12:59:27 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

:FILES
C:\prefs.js
C:\Windows\System32\??) -- C:\Windows\System32\??
C:\Windows\System32\??) -- C:\Windows\System32\??
C:\Windows\System32\?L) -- C:\Windows\System32\?L(
C:\Windows\System32\?L) -- C:\Windows\System32\?L(
C:\Windows\System32\?O) -- C:\Windows\System32\?O-
C:\Windows\System32\?O) -- C:\Windows\System32\?O-
C:\Windows\System32\?O) -- C:\Windows\System32\?O-
C:\Windows\System32\?O) -- C:\Windows\System32\?O-
C:\Windows\System32\?L) -- C:\Windows\System32\?L'
C:\Windows\System32\?L) -- C:\Windows\System32\?L'
C:\Windows\System32\??) -- C:\Windows\System32\S,'n
C:\Windows\System32\??) -- C:\Windows\System32\S,'n
C:\Windows\System32\??) -- C:\Windows\System32\??
C:\Windows\System32\??) -- C:\Windows\System32\??
C:\Windows\System32\?K) -- C:\Windows\System32\?K,
C:\Windows\System32\?K) -- C:\Windows\System32\?K,
C:\Windows\System32\?Œ) -- C:\Windows\System32\?Œ
C:\Windows\System32\?Œ) -- C:\Windows\System32\?Œ
C:\Windows\System32\?N) -- C:\Windows\System32\?N'
C:\Windows\System32\?N) -- C:\Windows\System32\?N'
C:\Windows\System32\?L) -- C:\Windows\System32\?L,
C:\Windows\System32\?L) -- C:\Windows\System32\?L,
C:\Users\Steve\Downloads:Shareaza.GUID

:COMMANDS
[PURITY]
[EMPTYTEMP]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-4.

Posted ImageMalwarebytes' Anti-Malware

  • Right click the MalwareBytes icon on the desktop and click Run as Administrator
  • You will now be at the main program as shown below.

    Posted Image
  • Click the Update tab and update the program if required.
  • On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected.<---Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-5.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-6.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-7.

Posted Image OTL Scan

Please re-open OTL
  • Double click the Posted Image on your desktop. Vista /7 users right click and click Run as Administrator. Make sure all other windows are closed .
  • You will see a console like the one below:

    Posted Image
  • Click the Posted Image button.
  • Post the log it produces in your next reply.

Step-7.

Things For Your Next Post:
1. The AdwCleaner[S1].xtx log
2. The OTL fixes log
3. The MalwareBytes log
4. The ESET scan log (IF threats were found)
5. The Checkup.txt log
6. The new OTL.txt log
  • 0

#15
steveo20102010

steveo20102010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Sorry about the rogue killer remove, you didn't say to remove threats or not so I thought it would be safer to remove!! I will check in future.

Will run all of these tomorrow and send the logs.

Thanks
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP